diff --git a/st2web/Dockerfile b/st2web/Dockerfile
index 2116a303..d0866302 100644
--- a/st2web/Dockerfile
+++ b/st2web/Dockerfile
@@ -17,6 +17,7 @@ LABEL com.stackstorm.component="st2web"
 ENV container docker
 ENV TERM xterm
+ENV ST2WEB_HTTPS 0
 # Default, but overrideable env vars to be substituted in st2.template nginx conf
 ENV ST2_AUTH_URL http://st2auth:9100/
@@ -53,7 +54,8 @@ RUN if [ "${ST2_VERSION#*dev}" != "${ST2_VERSION}" ]; then \
 && rm -f /etc/apt/sources.list.d/StackStorm_*.list
 # Download st2.conf and apply patch
-COPY files/st2.conf.patch /tmp
+COPY files/st2.conf-http.patch /tmp
+COPY files/st2.conf-https.patch /tmp
 RUN if [ "${ST2_VERSION#*dev}" != "${ST2_VERSION}" ]; then \
 ST2_BRANCH=master; \
 else \
@@ -61,10 +63,14 @@ RUN if [ "${ST2_VERSION#*dev}" != "${ST2_VERSION}" ]; then \
 fi \
 && echo ST2_BRANCH=${ST2_BRANCH} \
 && apt-get install -y patch gettext-base \
- && curl -sf https://raw.githubusercontent.com/StackStorm/st2/${ST2_BRANCH}/conf/nginx/st2.conf -o /etc/nginx/conf.d/st2.template \
- && patch /etc/nginx/conf.d/st2.template < /tmp/st2.conf.patch \
+ && curl -sf https://raw.githubusercontent.com/StackStorm/st2/${ST2_BRANCH}/conf/nginx/st2.conf -o /etc/nginx/conf.d/st2-http.template \
+ && cp /etc/nginx/conf.d/st2-http.template /etc/nginx/conf.d/st2-https.template \
+ && patch /etc/nginx/conf.d/st2-http.template < /tmp/st2.conf-http.patch \
+ && patch /etc/nginx/conf.d/st2-https.template < /tmp/st2.conf-https.patch \
 && rm -f /etc/nginx/conf.d/default.conf \
- && rm -f /tmp/st2.conf.patch
+ && rm -f /tmp/st2.conf.patch \
+ && rm -f /tmp/st2.conf-http.patch \
+ && rm -f /tmp/st2.conf-https.patch
 # It's a user's responsbility to pass the valid SSL certificate files: 'st2.key' and 'st2.crt', used in nginx
 VOLUME ["/etc/ssl/st2/"]
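Review bot: `&& rm -f /tmp/st2.conf.patch \` in the third hunk is now a leftover: the `COPY files/st2.conf.patch /tmp` that created that file is deleted in the second hunk, so only the two new `rm -f` lines for st2.conf-http.patch and st2.conf-https.patch are needed. The RUN instruction these lines belong to starts above the hunk. Separately, the rewritten `curl -sf https://raw.githubusercontent.com/StackStorm/st2/${ST2_BRANCH}/conf/nginx/st2.conf ...` line still fetches the nginx config that fronts st2auth/st2api from a branch at build time with no pinned revision or checksum (pre-existing, but the line is rewritten here), so dev builds tracking `master` get whatever template is on the branch that day. Pinning to a commit and verifying a digest, or vendoring st2.conf next to the two patch files, would make the image reproducible and the proxy config auditable.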
@@ -72,4 +78,4 @@ VOLUME ["/etc/ssl/st2/"]
 EXPOSE 80
 EXPOSE 443
 STOPSIGNAL SIGTERM
-CMD ["/bin/bash", "-c", "envsubst '${ST2_AUTH_URL} ${ST2_API_URL} ${ST2_STREAM_URL}' < /etc/nginx/conf.d/st2.template > /etc/nginx/conf.d/st2.conf && exec nginx -g 'daemon off;'"]
+CMD ["/bin/bash", "-c", "if [ ${ST2WEB_HTTPS} = 1 ]; then ST2WEB_TEMPLATE='/etc/nginx/conf.d/st2-https.template'; else ST2WEB_TEMPLATE='/etc/nginx/conf.d/st2-http.template'; fi && envsubst '${ST2_AUTH_URL} ${ST2_API_URL} ${ST2_STREAM_URL}' < ${ST2WEB_TEMPLATE} > /etc/nginx/conf.d/st2.conf && exec nginx -g 'daemon off;'"]
diff --git a/st2web/README.md b/st2web/README.md
index 63445c6d..776eb9fd 100644
--- a/st2web/README.md
+++ b/st2web/README.md
@@ -10,10 +10,13 @@ The following environment variables are available for configuration:
 - `ST2_AUTH_URL` (default: `http://st2auth:9100/`) - StackStorm Auth service
 - `ST2_API_URL` (default: `http://st2api:9101/`) - StackStorm API service
 - `ST2_STREAM_URL` (default: `http://st2stream:9102/`) - StackStorm Stream service
+- `ST2WEB_HTTPS` (default: `0`) - Use https with st2web
 > Warning! All 3 services should be DNS/network accessible for `st2web` container to start properly. Thanks to K8s pod restarts, it's not a problem.
 ### Secrets
+> Note! You may safely ignore this section if `ST2WEB_HTTPS` is set to `0`.
+
 StackStorm Web UI uses nginx for SSL negotiation. A valid SSL certificate is required for `st2web` to run properly. You have to share with the Docker container the following files:
 - `/etc/ssl/st2/st2.crt` (required) - SSL certificate, [`ssl_certificate`](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) nginx directive
diff --git a/st2web/files/st2.conf-http.patch b/st2web/files/st2.conf-http.patch
new file mode 100644
index 00000000..2ec3f725
--- /dev/null
+++ b/st2web/files/st2.conf-http.patch
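Review bot: In the new CMD, `[ ${ST2WEB_HTTPS} = 1 ]` is unquoted and the `else` branch catches everything, so an empty override turns the test into `[ = 1 ]` (a test error, treated as false) and any value other than exactly `1` — `true`, `yes`, `""` — silently selects st2-http.template. Because that template drops TLS termination and the HTTP→HTTPS redirect (visible in the st2.conf-http.patch hunk below), a mistyped value quietly downgrades the UI and the proxied /auth, /api and /stream traffic to cleartext rather than failing at startup. Fail closed instead: `if [ "${ST2WEB_HTTPS}" = 1 ]; then ST2WEB_TEMPLATE=<https template>; elif [ "${ST2WEB_HTTPS}" = 0 ]; then ST2WEB_TEMPLATE=<http template>; else echo 'ST2WEB_HTTPS must be 0 or 1' >&2; exit 1; fi` (the two paths kept as in the hunk, quotes escaped inside the JSON array), and quote the redirection as `< "${ST2WEB_TEMPLATE}"`.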
@@ -0,0 +1,86 @@
+--- /etc/nginx/conf.d/st2.template 2019-05-27 14:11:20.000000000 -0700
++++ /etc/nginx/conf.d/st2.conf 2019-05-27 14:22:28.000000000 -0700
+@@ -1,6 +1,6 @@
+ #
+-# nginx configuration to expose st2 webui, redirect HTTP->HTTPS,
+-# provide SSL termination, and reverse-proxy st2api and st2auth API endpoint.
++# nginx configuration to expose st2 webui, and reverse-proxy the st2api and
++# st2auth API endpoints.
+ # To enable:
+ # cp ${LOCATION}/st2.conf /etc/nginx/sites-available
+ # ln -l /etc/nginx/sites-available/st2.conf /etc/nginx/sites-enabled/st2.conf
+@@ -9,39 +9,12 @@
+ server {
+ listen *:80 default_server;
+
+- add_header Front-End-Https on;
+ add_header X-Content-Type-Options nosniff;
+
+- if ($ssl_protocol = "") {
+- return 308 https://$host$request_uri;
+- }
+-
+- index index.html;
+-
+- access_log /var/log/nginx/st2webui.access.log combined;
+- error_log /var/log/nginx/st2webui.error.log;
+-}
+-
+-server {
+- listen *:443 ssl;
+-
+- ssl on;
+-
+- ssl_certificate /etc/ssl/st2/st2.crt;
+- ssl_certificate_key /etc/ssl/st2/st2.key;
+- ssl_session_cache shared:SSL:10m;
+- ssl_session_timeout 5m;
+- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+- ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
+- ssl_prefer_server_ciphers on;
+-
+ index index.html;
+
+- access_log /var/log/nginx/ssl-st2webui.access.log combined;
+- error_log /var/log/nginx/ssl-st2webui.error.log;
+-
+- add_header Front-End-Https on;
+- add_header X-Content-Type-Options nosniff;
++ access_log /proc/self/fd/1 combined;
++ error_log stderr;
+
+ location @apiError {
+ add_header Content-Type application/json always;
+@@ -53,7 +26,7 @@
+
+ rewrite ^/api/(.*) /$1 break;
+
+- proxy_pass http://127.0.0.1:9101/;
++ proxy_pass ${ST2_API_URL};
+ proxy_read_timeout 90;
+ proxy_connect_timeout 90;
+ proxy_redirect off;
+@@ -83,7 +56,7 @@
+
+ rewrite ^/stream/(.*) /$1 break;
+
+- proxy_pass http://127.0.0.1:9102/;
++ proxy_pass ${ST2_STREAM_URL};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+@@ -111,7 +84,7 @@
+
+ rewrite ^/auth/(.*) /$1 break;
+
+- proxy_pass http://127.0.0.1:9100/;
++ proxy_pass ${ST2_AUTH_URL};
+ proxy_read_timeout 90;
+ proxy_connect_timeout 90;
+ proxy_redirect off;
+@@ -136,4 +109,5 @@
+ tcp_nopush on;
+ tcp_nodelay on;
+ }
++
+ }
diff --git a/st2web/files/st2.conf.patch b/st2web/files/st2.conf-https.patch
similarity index 91%
rename from st2web/files/st2.conf.patch
rename to st2web/files/st2.conf-https.patch
index 33c84fe1..e74b93a4 100644
--- a/st2web/files/st2.conf.patch
+++ b/st2web/files/st2.conf-https.patch
@@ -1,5 +1,5 @@
---- /etc/nginx/conf.d/st2.template 2018-07-26 16:55:35.000000000 +0000
-+++ /etc/nginx/conf.d/st2.conf 2018-07-26 17:06:30.200000000 +0000
+--- /etc/nginx/conf.d/st2.template 2019-05-27 14:11:20.000000000 -0700
++++ /etc/nginx/conf.d/st2.conf 2019-05-27 14:22:11.000000000 -0700
 @@ -18,8 +18,8 @@
 index index.html;
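Review bot: The replacement header comment in the first inner hunk (`++# nginx configuration to expose st2 webui, and reverse-proxy the st2api and` / `++# st2auth API endpoints.`) does not say that this is the plaintext variant, which is the one fact an operator reading the generated st2.conf needs; add `# Plain-HTTP variant (ST2WEB_HTTPS=0): no TLS termination and no HTTP->HTTPS redirect here, so the UI and the proxied /auth, /api and /stream paths are served in cleartext on :80 — terminate TLS at an ingress or load balancer in front of this server.` The removed lines also document what the upstream template enables for the TLS case, `ssl on;` and `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, and the st2.conf-https.patch hunk visible here only changes timestamps; if the rest of that patch (outside this chunk) leaves those lines alone, the HTTPS variant still offers TLSv1 and TLSv1.1. Now that the two variants are separate files, `ssl_protocols TLSv1.2;` in the https patch would be the natural place to tighten that. The switch to `access_log /proc/self/fd/1 combined;` and `error_log stderr;` is appropriate for a container and relies on nginx keeping the CMD's stdout/stderr, which `exec nginx -g 'daemon off;'` provides.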